Skip to content

absolomb/smbspray

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
images
images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
smbspray.py
smbspray.py
 
 

Repository files navigation

smbspray

A smarter SMB password sprayer with customizable options

Version 1.2

SMBSpray v1.2

usage: smbspray.py [-h] [-u users] [-U user] [-p passwords] [-P password] [-d domain] [-l minutes] [-a attempts] -ip IP/hostname [--threads threads] [--verbose] [--user_pw] [--unsafe] [--no-interaction] [--start-time HH:MM] [--end-time HH:MM]

Parse Spray Arguments.

optional arguments:
  -h, --help         show this help message and exit
  -u users           User list to spray
  -U user            Single user to spray
  -p passwords       Password list to spray
  -P password        Single password to spray
  -d domain          Domain
  -l minutes         Lockout policy period in minutes (Default: 30 minutes)
  -a attempts        Number of attempts per lockout period (Default: 1 attempt)
  -ip IP/hostname    IP/hostname to spray
  --threads threads  Number of threads to run (Default: 5 threads)
  --verbose          Verbose Mode
  --user_pw          Try username variations as password
  --unsafe           Keep spraying even if there are multiple account lockouts
  --no-interaction   Do not ask for user input
  --start-time HH:MM Start time for allowed operation
  --end-time HH:MM   End time for allowed operation

Basic Usage/Features

To pass smbspray a list of users and passwords use the -u and -p options. Alternatively, you can specify -U for a single user or -P for a single password.

The domain is optional as smbspray will attempt to automatically get it from the server specified with -ip, but can also be specified with -d. NetBIOS name also works.

By default smbspray will attempt one password every 30 minutes, this can be tuned with the -l option for how often you want to spray and also -a for how many attempts per period you want to try. So if you want to do 5 attempts every 15 minutes do -l 15 -a 5. To be extra safe in case you mess this up, there is an prompt to confirm before proceeding.

Also by default, smbspray will kill the current spraying session if 3 accounts are detected as locked out, this can be overriden with --unsafe if you wish to yolo spray.

--user_pw will try a few common username variations as the password which includes the username all lowercase, all uppercase, and captalized with an !. So if a username is bob it'll try bob, BOB, and Bob!.

Three log files get written to the current directory:

  • spray_logs.txt - log of all attempts with timestamps
  • valid_creds.txt - valid credentials
  • attempted_pws.txt - passwords attempted

Once a password has been tried for all users, it'll get written to attempted_pws.txt. So if you start up a new session and try to respray the same password, it prevents it from being sprayed again to try to be more efficient.

Putting this all together you can do something like:

An example of sprayed passwords being removed and exiting when locked account threshold is met:

Credits

About

SMB Password Sprayer

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages